Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2024-04-18 10:31:15 2024-04-18 10:33:30 135 seconds

Maldun score

8.77

Dangerous

File details

File name synergy-11.exe
File size 4499456 bytes
File type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 1159402c8c35af34671dcdfec6a5fb94
SHA1 5a9cbb7f26829d5a4a2932602bb003ad335e0cc3
SHA256 9786f26a4d43134f538119ea4be82b034ce41189b35460c8bebcdbbf2c4f9ad3
SHA512 caa8da5a72b66dfe261f6ab1b6cf15217479567e4441c44d8df4f3055b9c222fe5170e932102caf92c9d8588003eb31d2690c7b406dd9b5c27dd143bad2191e2
CRC32 B55B7181
Ssdeep 49152:aK/kIp/Yb/mhIa1UNy8pjBiQPZguEonwrZDMeIU0uQR6oz0l+tyoJBy7PQF5j1xh:VH2Xpj8Qd0rBoR9XkZ+


Hosts contacted

No host records.

DNS resolution

No domain information.



PE information

Image base 0x140000000
Entry point 0x1400014d0
Claimed checksum 0x004517f5
Actual checksum 0x004517f5
Minimum OS version 4.0
Compile time 2024-04-18 10:27:25
Import hash 9c44e617aad18f30b2dc617ac77baf67

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x003155d8 0x00315600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.21
.data 0x00317000 0x00003430 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.95
.rdata 0x0031b000 0x000f3a60 0x000f4000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.73
.pdata 0x0040f000 0x00016c44 0x00016e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.33
.xdata 0x00426000 0x0001a1f8 0x0001a200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.75
.bss 0x00441000 0x00000ae0 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.idata 0x00442000 0x00003420 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.53
.CRT 0x00446000 0x00000070 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.49
.tls 0x00447000 0x00000010 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00448000 0x000004e8 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.78
.reloc 0x00449000 0x00008794 0x00008800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.47

Imports

Library: KERNEL32.dll:
0x140442c64 AcquireSRWLockExclusive
0x140442c6c AcquireSRWLockShared
0x140442c7c CancelIoEx
0x140442c84 CloseHandle
0x140442c8c CompareStringOrdinal
0x140442c94 ConnectNamedPipe
0x140442c9c CreateDirectoryW
0x140442ca4 CreateFileMappingA
0x140442cac CreateFileW
0x140442cb4 CreateIoCompletionPort
0x140442cbc CreateMutexA
0x140442cc4 CreateNamedPipeW
0x140442ccc CreateProcessW
0x140442cd4 CreateThread
0x140442cdc CreateToolhelp32Snapshot
0x140442ce4 DeleteCriticalSection
0x140442cec DeleteFileW
0x140442cf4 DeviceIoControl
0x140442cfc DisconnectNamedPipe
0x140442d04 DuplicateHandle
0x140442d0c EnterCriticalSection
0x140442d14 ExitProcess
0x140442d1c FileTimeToSystemTime
0x140442d24 FindClose
0x140442d2c FindFirstFileW
0x140442d34 FindNextFileW
0x140442d3c FormatMessageW
0x140442d44 FreeEnvironmentStringsW
0x140442d4c FreeLibrary
0x140442d54 GetConsoleMode
0x140442d64 GetCurrentDirectoryW
0x140442d6c GetCurrentProcess
0x140442d74 GetCurrentProcessId
0x140442d7c GetCurrentThread
0x140442d84 GetCurrentThreadId
0x140442d8c GetDiskFreeSpaceExW
0x140442d94 GetDriveTypeW
0x140442d9c GetEnvironmentStringsW
0x140442da4 GetEnvironmentVariableW
0x140442dac GetFileAttributesW
0x140442dcc GetFullPathNameW
0x140442dd4 GetLastError
0x140442ddc GetLogicalDrives
0x140442de4 GetModuleFileNameW
0x140442dec GetModuleHandleA
0x140442df4 GetModuleHandleW
0x140442dfc GetOverlappedResult
0x140442e04 GetProcAddress
0x140442e0c GetProcessHeap
0x140442e14 GetProcessIoCounters
0x140442e1c GetProcessTimes
0x140442e2c GetStartupInfoA
0x140442e34 GetStdHandle
0x140442e3c GetSystemDirectoryW
0x140442e44 GetSystemInfo
0x140442e4c GetSystemTimeAsFileTime
0x140442e54 GetSystemTimes
0x140442e5c GetTempPathW
0x140442e64 GetTickCount64
0x140442e6c GetTimeZoneInformation
0x140442e74 GetVolumeInformationW
0x140442e7c GetWindowsDirectoryW
0x140442e84 GlobalAlloc
0x140442e8c GlobalFree
0x140442e94 GlobalLock
0x140442e9c GlobalMemoryStatusEx
0x140442ea4 GlobalSize
0x140442eac GlobalUnlock
0x140442eb4 HeapAlloc
0x140442ebc HeapFree
0x140442ec4 HeapReAlloc
0x140442ecc InitOnceBeginInitialize
0x140442ed4 InitOnceComplete
0x140442ee4 LeaveCriticalSection
0x140442eec LoadLibraryA
0x140442ef4 LocalAlloc
0x140442efc LocalFree
0x140442f04 MapViewOfFile
0x140442f0c Module32FirstW
0x140442f14 Module32NextW
0x140442f1c MultiByteToWideChar
0x140442f24 OpenProcess
0x140442f34 QueryPerformanceCounter
0x140442f44 RaiseException
0x140442f4c ReadFile
0x140442f54 ReadFileEx
0x140442f5c ReadProcessMemory
0x140442f64 ReleaseMutex
0x140442f6c ReleaseSRWLockExclusive
0x140442f74 ReleaseSRWLockShared
0x140442f7c RtlCaptureContext
0x140442f84 RtlLookupFunctionEntry
0x140442f8c RtlUnwindEx
0x140442f94 RtlVirtualUnwind
0x140442f9c SetConsoleTextAttribute
0x140442fb4 SetFilePointerEx
0x140442fbc SetHandleInformation
0x140442fc4 SetLastError
0x140442fcc SetThreadStackGuarantee
0x140442fdc Sleep
0x140442fec SleepEx
0x140442ff4 SwitchToThread
0x140442ffc SystemTimeToFileTime
0x14044300c TerminateProcess
0x140443014 TlsAlloc
0x14044301c TlsFree
0x140443024 TlsGetValue
0x14044302c TlsSetValue
0x14044303c TryAcquireSRWLockShared
0x140443044 UnmapViewOfFile
0x14044304c UnregisterWaitEx
0x140443054 VirtualProtect
0x14044305c VirtualQuery
0x140443064 VirtualQueryEx
0x14044306c WaitForSingleObject
0x140443074 WaitForSingleObjectEx
0x14044307c WakeAllConditionVariable
0x140443084 WakeConditionVariable
0x14044308c WideCharToMultiByte
0x140443094 WriteConsoleW
0x14044309c WriteFile
0x1404430a4 WriteFileEx
0x1404430ac __C_specific_handler
Library: msvcrt.dll:
0x1404430bc __getmainargs
0x1404430c4 __initenv
0x1404430cc __iob_func
0x1404430d4 __set_app_type
0x1404430dc __setusermatherr
0x1404430e4 _acmdln
0x1404430ec _amsg_exit
0x1404430f4 _cexit
0x1404430fc _commode
0x140443104 _errno
0x14044310c _fmode
0x140443114 _fpreset
0x14044311c _initterm
0x140443124 _onexit
0x14044312c abort
0x140443134 calloc
0x14044313c exit
0x140443144 fprintf
0x14044314c free
0x140443154 fwrite
0x14044315c malloc
0x140443164 memcmp
0x14044316c memcpy
0x140443174 memmove
0x14044317c memset
0x140443184 pow
0x14044318c signal
0x140443194 strlen
0x14044319c strncmp
0x1404431a4 vfprintf
0x1404431ac wcslen
Library: USER32.dll:
0x1404431c4 BeginPaint
0x1404431cc CloseClipboard
0x1404431d4 CloseDesktop
0x1404431dc CreateWindowExW
0x1404431e4 DefWindowProcW
0x1404431ec DestroyWindow
0x1404431f4 DispatchMessageA
0x1404431fc DispatchMessageW
0x140443204 DrawTextW
0x14044320c EmptyClipboard
0x140443214 EndPaint
0x14044321c EnumClipboardFormats
0x140443224 EnumDisplayMonitors
0x14044322c EnumDisplaySettingsW
0x140443234 FindWindowW
0x14044323c GetClipboardData
0x140443244 GetDC
0x14044324c GetKeyState
0x140443254 GetMessageA
0x14044325c GetMessageW
0x140443264 GetMonitorInfoW
0x14044326c GetSystemMetrics
0x140443274 GetWindowLongPtrW
0x14044327c InvalidateRect
0x140443284 LoadCursorW
0x14044328c LoadImageW
0x140443294 OpenClipboard
0x14044329c OpenInputDesktop
0x1404432a4 PostMessageW
0x1404432ac PostQuitMessage
0x1404432b4 RegisterClassW
0x1404432bc RegisterClipboardFormatW
0x1404432c4 ReleaseDC
0x1404432cc SendInput
0x1404432d4 SetClipboardData
0x1404432dc SetCursorPos
0x1404432e4 SetWindowLongPtrW
0x1404432ec SetWindowLongW
0x1404432f4 SetWindowPos
0x1404432fc ShowWindow
0x140443304 TranslateMessage
0x14044330c UpdateWindow
Library: ntdll.dll:
0x14044331c NtCancelIoFileEx
0x140443324 RtlGetVersion
Library: advapi32.dll:
0x140443334 GetTokenInformation
0x14044333c LookupAccountSidW
0x140443344 OpenProcessToken
0x14044334c RegCloseKey
0x140443354 RegOpenKeyExW
0x14044335c RegQueryValueExW
0x140443364 SystemFunction036
Library: bcrypt.dll:
0x14044337c BCryptGenRandom
Library: crypt32.dll:
0x140443394 CertCloseStore
0x1404433b4 CertGetEnhancedKeyUsage
0x1404433bc CertOpenStore
0x1404433c4 CertVerifyTimeValidity
Library: gdi32.dll:
0x1404433d4 BitBlt
0x1404433dc CreateCompatibleDC
0x1404433e4 CreateDIBitmap
0x1404433ec CreateSolidBrush
0x1404433f4 GetDIBits
0x1404433fc GetObjectW
0x140443404 SelectObject
0x14044340c SetBkColor
Library: hid.dll:
0x14044341c HidD_FreePreparsedData
0x140443424 HidD_GetAttributes
0x14044342c HidD_GetHidGuid
0x140443434 HidD_GetInputReport
0x14044343c HidD_GetPreparsedData
0x140443444 HidD_SetOutputReport
0x14044344c HidP_GetCaps
Library: iphlpapi.dll:
0x14044345c FreeMibTable
0x140443464 GetAdaptersAddresses
0x14044346c GetIfEntry2
0x140443474 GetIfTable2
Library: netapi32.dll:
0x140443484 NetApiBufferFree
0x14044348c NetUserEnum
0x140443494 NetUserGetLocalGroups
Library: ntdll.dll:
0x1404434a4 NtCreateFile
0x1404434ac NtDeviceIoControlFile
0x1404434bc NtQuerySystemInformation
0x1404434c4 RtlNtStatusToDosError
Library: ole32.dll:
0x1404434d4 CoCreateGuid
0x1404434dc CoCreateInstance
0x1404434e4 CoInitializeEx
0x1404434ec CoInitializeSecurity
0x1404434f4 CoSetProxyBlanket
0x1404434fc CoUninitialize
0x140443504 OleInitialize
0x14044350c OleSetClipboard
Library: oleaut32.dll:
0x14044351c GetErrorInfo
0x140443524 SetErrorInfo
0x14044352c SysAllocString
0x140443534 SysFreeString
0x14044353c SysStringLen
0x140443544 VariantClear
Library: pdh.dll:
0x140443554 PdhAddEnglishCounterW
0x14044355c PdhCloseQuery
0x140443564 PdhCollectQueryData
0x140443574 PdhOpenQueryA
0x14044357c PdhRemoveCounter
Library: powrprof.dll:
0x14044358c CallNtPowerInformation
Library: secur32.dll:
0x1404435a4 LsaFreeReturnBuffer
0x1404435ac LsaGetLogonSessionData
Library: setupapi.dll:
0x1404435cc SetupDiGetClassDevsW
Library: shell32.dll:
0x1404435ec CommandLineToArgvW
0x1404435f4 DragQueryFileW
0x1404435fc SHCreateStdEnumFmtEtc
Library: shlwapi.dll:
0x14044360c SHCreateMemStream
Library: ws2_32.dll:
0x14044361c WSACleanup
0x140443624 WSAGetLastError
0x14044362c WSAIoctl
0x140443634 WSASend
0x14044363c WSASocketW
0x140443644 WSAStartup
0x14044364c accept
0x140443654 bind
0x14044365c closesocket
0x140443664 connect
0x14044366c freeaddrinfo
0x140443674 getaddrinfo
0x14044367c getpeername
0x140443684 getsockname
0x14044368c getsockopt
0x140443694 ioctlsocket
0x14044369c listen
0x1404436a4 recv
0x1404436ac recvfrom
0x1404436b4 send
0x1404436bc sendto
0x1404436c4 setsockopt
0x1404436cc shutdown
0x1404436d4 socket
Library: psapi.dll:
0x1404436e4 GetModuleFileNameExW
0x1404436ec GetPerformanceInfo

No antivirus engine scan information!

Process tree


synergy-11.exe, PID: 2660, parent PID: 2296


TCP

Source IP Source port Destination IP Destination port
192.168.122.201 49160 23.206.229.108 80
192.168.122.202 49181 192.168.122.201 445
192.168.122.202 49182 192.168.122.201 445
192.168.122.202 49183 192.168.122.201 445
192.168.122.202 49184 192.168.122.201 445
192.168.122.202 49185 192.168.122.201 445
192.168.122.202 49186 192.168.122.201 445
192.168.122.202 49187 192.168.122.201 445
192.168.122.202 49188 192.168.122.201 445
192.168.122.202 49189 192.168.122.201 445
192.168.122.202 49190 192.168.122.201 445
192.168.122.202 49191 192.168.122.201 445
192.168.122.202 49192 192.168.122.201 445
192.168.122.202 49193 192.168.122.201 445
192.168.122.202 49194 192.168.122.201 135
192.168.122.202 49195 192.168.122.201 49156
192.168.122.202 49196 192.168.122.201 445
192.168.122.202 49197 192.168.122.201 445
192.168.122.202 49198 192.168.122.201 445
192.168.122.202 49199 192.168.122.201 445
192.168.122.202 49200 192.168.122.201 445
192.168.122.202 49201 192.168.122.201 445
192.168.122.202 49202 192.168.122.201 445
192.168.122.202 49203 192.168.122.201 445
192.168.122.202 49204 192.168.122.201 445
192.168.122.202 49205 192.168.122.201 445
192.168.122.202 49206 192.168.122.201 445
192.168.122.202 49207 192.168.122.201 445
192.168.122.202 49208 192.168.122.201 445
192.168.122.202 49209 192.168.122.201 445
192.168.122.202 49210 192.168.122.201 445
192.168.122.202 49211 192.168.122.201 445
192.168.122.202 49212 192.168.122.201 49156
192.168.122.202 49213 192.168.122.201 445
192.168.122.202 49215 192.168.122.201 445

UDP

Source IP Source port Destination IP Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2024-04-18 10:33:01.716820+0800 192.168.122.202 49183 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:02.726844+0800 192.168.122.202 49187 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:05.106570+0800 192.168.122.202 49192 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:08.420673+0800 192.168.122.202 49205 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:09.860451+0800 192.168.122.202 49211 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:07.575740+0800 192.168.122.202 49203 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:04.704927+0800 192.168.122.202 49189 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:01.586299+0800 192.168.122.202 49182 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:01.975677+0800 192.168.122.202 49184 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:06.080202+0800 192.168.122.202 49196 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:05.210323+0800 192.168.122.202 49193 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:09.491077+0800 192.168.122.202 49206 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:02.426291+0800 192.168.122.202 49186 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:06.805406+0800 192.168.122.202 49198 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:09.761681+0800 192.168.122.202 49208 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:05.015226+0800 192.168.122.202 49191 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:03.369155+0800 192.168.122.202 49188 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:07.204957+0800 192.168.122.202 49201 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:07.013355+0800 192.168.122.202 49199 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:09.772517+0800 192.168.122.202 49209 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:01.102961+0800 192.168.122.202 49181 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:07.309362+0800 192.168.122.202 49202 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:10.617593+0800 192.168.122.202 49215 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:02.144661+0800 192.168.122.202 49185 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:06.390986+0800 192.168.122.202 49197 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:09.665140+0800 192.168.122.202 49207 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:04.997939+0800 192.168.122.202 49190 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:07.117727+0800 192.168.122.202 49200 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:09.853010+0800 192.168.122.202 49210 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:10.244047+0800 192.168.122.202 49213 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2024-04-18 10:33:07.806057+0800 192.168.122.202 49204 192.168.122.201 445 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 28.309 seconds )

  • 12.371 Suricata
  • 11.369 Static
  • 2.255 NetworkAnalysis
  • 1.193 TargetInfo
  • 0.716 BehaviorAnalysis
  • 0.37 peid
  • 0.012 Strings
  • 0.011 config_decoder
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 2.036 seconds )

  • 1.702 proprietary_url_bl
  • 0.041 api_spamming
  • 0.035 antiav_detectreg
  • 0.031 stealth_timeout
  • 0.029 stealth_decoy_document
  • 0.026 injection_createremotethread
  • 0.015 injection_runpe
  • 0.014 infostealer_ftp
  • 0.012 injection_explorer
  • 0.008 infostealer_im
  • 0.007 shifu_behavior
  • 0.007 antiav_detectfile
  • 0.007 antianalysis_detectreg
  • 0.007 proprietary_domain_bl
  • 0.005 mimics_filetime
  • 0.005 anomaly_persistence_autorun
  • 0.005 virus
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_mail
  • 0.005 network_http
  • 0.004 bootkit
  • 0.004 stealth_file
  • 0.004 reads_self
  • 0.004 antivm_generic_disk
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 hancitor_behavior
  • 0.003 antivm_vbox_files
  • 0.003 network_cnc_http
  • 0.002 tinba_behavior
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 process_needed
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.555 seconds )

  • 0.546 ReportHTMLSummary
  • 0.009 Malheur
Task ID 744065
Mongo ID 662086c6dc327b6543622de0
Cuckoo release 1.4-Maldun